From e1784623a9498e74ec0a888212deaec0aaa3e10d Mon Sep 17 00:00:00 2001
From: Ikuya Fukumoto
Date: Wed, 7 Dec 2022 11:44:25 +0900
Subject: [PATCH] JPCERT/CC 2022-12-07-11-41
---
 2022/37xxx/CVE-2022-37406.json | 53 ++++++++++++++++++++++++++++++++--
 2022/41xxx/CVE-2022-41783.json | 50 ++++++++++++++++++++++++++++++--
 2022/41xxx/CVE-2022-41994.json | 50 ++++++++++++++++++++++++++++++--
 2022/42xxx/CVE-2022-42486.json | 50 ++++++++++++++++++++++++++++++--
 2022/43xxx/CVE-2022-43464.json | 50 ++++++++++++++++++++++++++++++--
 2022/43xxx/CVE-2022-43468.json | 53 ++++++++++++++++++++++++++++++++--
 2022/43xxx/CVE-2022-43508.json | 50 ++++++++++++++++++++++++++++++--
 2022/43xxx/CVE-2022-43509.json | 50 ++++++++++++++++++++++++++++++--
 2022/43xxx/CVE-2022-43660.json | 50 ++++++++++++++++++++++++++++++--
 2022/43xxx/CVE-2022-43667.json | 50 ++++++++++++++++++++++++++++++--
 2022/43xxx/CVE-2022-43668.json | 50 ++++++++++++++++++++++++++++++--
 2022/44xxx/CVE-2022-44606.json | 50 ++++++++++++++++++++++++++++++--
 2022/44xxx/CVE-2022-44608.json | 50 ++++++++++++++++++++++++++++++--
 2022/44xxx/CVE-2022-44620.json | 50 ++++++++++++++++++++++++++++++--
 2022/45xxx/CVE-2022-45113.json | 50 ++++++++++++++++++++++++++++++--
 2022/45xxx/CVE-2022-45122.json | 50 ++++++++++++++++++++++++++++++--
 16 files changed, 758 insertions(+), 48 deletions(-)
diff --git a/2022/37xxx/CVE-2022-37406.json b/2022/37xxx/CVE-2022-37406.json
index 56121a40f33..55568a48cc6 100644
--- a/2022/37xxx/CVE-2022-37406.json
+++ b/2022/37xxx/CVE-2022-37406.json
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-37406",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "RICOH COMPANY, LTD.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Aficio SP 4210N",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "firmware versions prior to Web Support 1.05"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/sp42.htm"
+ },
+ {
+ "url": "https://support.ricoh.com/bbv2/html/dr_ut_d/ipsio/history/w/bb/pub_j/dr_ut_d/4101044/4101044791/V101/5236968/redirect_CLUTool_DOM/history.htm"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN24659622/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41783.json b/2022/41xxx/CVE-2022-41783.json
index ec92d7907ca..d383184af6b 100644
--- a/2022/41xxx/CVE-2022-41783.json
+++ b/2022/41xxx/CVE-2022-41783.json
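Review bot: In CVE-2022-37406.json the `problemtype` value is the free text `"Cross-site scripting"` and `version_value` is the phrase `"firmware versions prior to Web Support 1.05"`, so tooling that matches records by CWE identifier or by version range has nothing it can parse. Consider carrying the identifier, e.g. `"value": "CWE-79"` (alone or next to the name), and a bare version with a comparison field, e.g. `"version_affected": "<"` with `"version_value": "Web Support 1.05"`. The same free-text pattern appears in the other fifteen records of this patch.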
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-41783",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "TP-Link",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TP-Link RE300 V1",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "firmware versions prior to 221009"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Handling of Syntactically Invalid Structure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tp-link.com/en/support/download/re300/v1/#Firmware"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN29657972/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function."
 }
 ]
 }
diff --git a/2022/41xxx/CVE-2022-41994.json b/2022/41xxx/CVE-2022-41994.json
index b153ab005fe..63fb8182fdf 100644
--- a/2022/41xxx/CVE-2022-41994.json
+++ b/2022/41xxx/CVE-2022-41994.json
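Review bot: The description added for CVE-2022-41783 names neither the affected firmware range nor the attacker's position, although `version_value` in the same hunk gives `firmware versions prior to 221009`; a reader who sees only the description cannot tell whether a given device needs the update. Suggested opening: `"tdpServer of TP-Link RE300 V1 firmware versions prior to 221009 improperly processes its input, ..."`, with the rest unchanged. Whether the attacker has to be on the local network or authenticated is not stated anywhere in the record and should be taken from the referenced JVN advisory.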
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-41994",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "baserCMS Users Community",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "baserCMS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions prior to 4.7.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://basercms.net/security/JVN_53682526"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN53682526/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
 }
 ]
 }
diff --git a/2022/42xxx/CVE-2022-42486.json b/2022/42xxx/CVE-2022-42486.json
index 4f44eb36c5a..84381899f51 100644
--- a/2022/42xxx/CVE-2022-42486.json
+++ b/2022/42xxx/CVE-2022-42486.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-42486",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "baserCMS Users Community",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "baserCMS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions prior to 4.7.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://basercms.net/security/JVN_53682526"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN53682526/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43464.json b/2022/43xxx/CVE-2022-43464.json
index 2abadb69b7c..529f3b130fa 100644
--- a/2022/43xxx/CVE-2022-43464.json
+++ b/2022/43xxx/CVE-2022-43464.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-43464",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "UNIMO Technology Co., Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "UDR-JA1604/UDR-JA1608/UDR-JA1616",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "firmware versions 71x10.1.107112.43A and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Hidden Functionality"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418"
+ },
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU94514762/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings."
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43468.json b/2022/43xxx/CVE-2022-43468.json
index 2763b826782..b6af4a89e0f 100644
--- a/2022/43xxx/CVE-2022-43468.json
+++ b/2022/43xxx/CVE-2022-43468.json
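Review bot: The impact sentence in CVE-2022-43464 is word-for-word the same as in CVE-2022-44606 and CVE-2022-44620 later in this patch; only the leading weakness name differs, so the three records do not say what each flaw individually permits. For the `Improper Authentication` record (CVE-2022-44620) in particular, `a remote authenticated attacker` sits oddly with the weakness class and may be a copy of this text; it is worth checking against the JVN advisory. The vendor reference in all three is also a plain `http://` URL, which should be switched if the site serves the notice over HTTPS.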
@@ -4,14 +4,61 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-43468",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Hector Cabrera",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WordPress Popular Posts",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "6.0.5 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "External Initialization of Trusted Variables or Data Stores"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/wordpress-popular-posts/"
+ },
+ {
+ "url": "https://github.com/cabrerahector/wordpress-popular-posts/"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN13927745/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number of views for an article may be manipulated through a crafted input."
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43508.json b/2022/43xxx/CVE-2022-43508.json
index ddaf85b34fd..edf25495570 100644
--- a/2022/43xxx/CVE-2022-43508.json
+++ b/2022/43xxx/CVE-2022-43508.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-43508",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OMRON Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CX-Programmer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v.9.77 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
+ },
+ {
+ "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43509.json b/2022/43xxx/CVE-2022-43509.json
index d92c99b9946..1b43a33510d 100644
--- a/2022/43xxx/CVE-2022-43509.json
+++ b/2022/43xxx/CVE-2022-43509.json
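Review bot: The description for CVE-2022-43508 spells the weakness `Use-after free`, while the `problemtype` value in the same hunk uses `Use-after-free`, so a text search on the usual hyphenated term misses the description. Suggested opening: `"Use-after-free vulnerability exists in CX-Programmer v.9.77 and earlier, ..."`. The phrase `by having a user to open`, which also appears in CVE-2022-43509 and CVE-2022-43667, would read better as `by having a user open`. Both references point to the same JVN advisory in two languages; a vendor advisory URL, if one exists, would give readers the fixed version.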
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-43509",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OMRON Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CX-Programmer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v.9.77 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
+ },
+ {
+ "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43660.json b/2022/43xxx/CVE-2022-43660.json
index d823028850a..697bc22860d 100644
--- a/2022/43xxx/CVE-2022-43660.json
+++ b/2022/43xxx/CVE-2022-43660.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-43660",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Six Apart Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Movable Type",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Neutralization of Server-Side Includes (SSI) Within a Web Page"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier."
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43667.json b/2022/43xxx/CVE-2022-43667.json
index 098c6df307e..abaf3d84787 100644
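Review bot: The description for CVE-2022-43660 abbreviates Server-Side Includes as `(SSW)`, whereas the `problemtype` value in the same hunk uses `(SSI)`; the description should read `Server-Side Includes (SSI)` so that searches on the weakness name find it. The sentence is also ungrammatical: `allows a remote authenticated attacker ... may execute` should be `allows a remote authenticated attacker ... to execute`. The privilege name `'Manage of Content Types'` looks like a translation slip and is worth checking against the label the product actually shows, since administrators will use it to decide which accounts to review.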
--- a/2022/43xxx/CVE-2022-43667.json
+++ b/2022/43xxx/CVE-2022-43667.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-43667",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OMRON Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CX-Programmer",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v.9.77 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Stack-based Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU92877622/index.html"
+ },
+ {
+ "url": "https://jvn.jp/vu/JVNVU92877622/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file."
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43668.json b/2022/43xxx/CVE-2022-43668.json
index df0a5ef6825..54c92826257 100644
--- a/2022/43xxx/CVE-2022-43668.json
+++ b/2022/43xxx/CVE-2022-43668.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-43668",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Typora",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Typora",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions prior to 1.4.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Encoding or Escaping of Output"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://typora.io/releases/all"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN26044739/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product."
 }
 ]
 }
diff --git a/2022/44xxx/CVE-2022-44606.json b/2022/44xxx/CVE-2022-44606.json
index aab692a3df5..922bdb85083 100644
--- a/2022/44xxx/CVE-2022-44606.json
+++ b/2022/44xxx/CVE-2022-44606.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-44606",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "UNIMO Technology Co., Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "UDR-JA1604/UDR-JA1608/UDR-JA1616",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "firmware versions 71x10.1.107112.43A and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "OS Command Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418"
+ },
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU94514762/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings."
 }
 ]
 }
diff --git a/2022/44xxx/CVE-2022-44608.json b/2022/44xxx/CVE-2022-44608.json
index ec9ff03d472..4f5f241253a 100644
--- a/2022/44xxx/CVE-2022-44608.json
+++ b/2022/44xxx/CVE-2022-44608.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-44608",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cybozu, Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cybozu Remote Service",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.0.0 to 4.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled Resource Consumption"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://cs.cybozu.co.jp/2022/007754.html"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN87895771/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition."
 }
 ]
 }
diff --git a/2022/44xxx/CVE-2022-44620.json b/2022/44xxx/CVE-2022-44620.json
index c35a6ed84f0..f8c13a0de2e 100644
--- a/2022/44xxx/CVE-2022-44620.json
+++ b/2022/44xxx/CVE-2022-44620.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-44620",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "UNIMO Technology Co., Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "UDR-JA1604/UDR-JA1608/UDR-JA1616",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "firmware versions 71x10.1.107112.43A and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.unimo.co.jp/table_notice/index.php?act=1&resid=1666831567-004418"
+ },
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU94514762/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings."
 }
 ]
 }
diff --git a/2022/45xxx/CVE-2022-45113.json b/2022/45xxx/CVE-2022-45113.json
index 1197a8f6b9e..f02e0ea04a5 100644
--- a/2022/45xxx/CVE-2022-45113.json
+++ b/2022/45xxx/CVE-2022-45113.json
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-45113", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vultures@jpcert.or.jp" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Six Apart Ltd.", + "product": { + "product_data": [ + { + "product_name": "Movable Type", + "version": { + "version_data": [ + { + "version_value": "Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Syntactic Correctness of Input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html" + }, + { + "url": "https://jvn.jp/en/jp/JVN37014768/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper validation of syntactic correctness of input vulnerability exist in Movable Type series. Having a user to access a specially crafted URL may allow a remote unauthenticated attacker to set a specially crafted URL to the Reset Password page and conduct a phishing attack. 
Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier." } ] } diff --git a/2022/45xxx/CVE-2022-45122.json b/2022/45xxx/CVE-2022-45122.json index 557560356da..7b2ad47d412 100644 --- a/2022/45xxx/CVE-2022-45122.json +++ b/2022/45xxx/CVE-2022-45122.json 
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2022-45122",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Six Apart Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Movable Type",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://movabletype.org/news/2022/11/mt-796-688-released.html"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN37014768/index.html"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type Advanced 6.8.7 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier allows a remote unauthenticated attacker to inject an arbitrary script."
 }
 ]
 }
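Review bot: The description for CVE-2022-45122 repeats the product name, `vulnerability in Movable Type Movable Type 7 r.5301 and earlier`; one `Movable Type` should be dropped, or the sentence should follow the form used for CVE-2022-43660 in this patch (`in Movable Type series ... Affected products/versions are as follows: ...`). The six-product version list is also packed into a single `version_value` string under one `product_name`, which prevents per-product matching by inventory or scanner tooling; separate `product_data` entries per product line would make the affected set unambiguous.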